Tuesday, April 23, 2024
HomeActive Directory
Active DirectoryScripts

Active Directory Report (ADRecon)

Mark Rochester
By Mark Rochester
0
3504

This report runs on any locally connected machine and creates a beautiful report on the Active Driectory structure that it finds, as you can see from the screenshot below. Simply use the PS1 file below and run it. It does require Office to be installed on the machine you run it on to get the report in the Excel format.

https://github.com/sense-of-security/ADRecon

ADRecon is a tool which extracts and combines various artefacts (as highlighted below) out of an AD environment. The information can be presented in a specially formatted Microsoft Excel report that includes summary views with metrics to facilitate analysis and provide a holistic picture of the current state of the target AD environment.


The tool is useful to various classes of security professionals like auditors, DFIR, students, administrators, etc. It can also be an invaluable post-exploitation tool for a penetration tester.

It can be run from any workstation that is connected to the environment, even hosts that are not domain members. Furthermore, the tool can be executed in the context of a non-privileged (i.e. standard domain user) account. Fine Grained Password Policy, LAPS and BitLocker may require Privileged user accounts. The tool will use Microsoft Remote Server Administration Tools (RSAT) if available, otherwise it will communicate with the Domain Controller using LDAP.

The following information is gathered by the tool:

  • Forest;
  • Domain;
  • Trusts;
  • Sites;
  • Subnets;
  • Default and Fine Grained Password Policy (if implemented);
  • Domain Controllers, SMB versions, whether SMB Signing is supported and FSMO roles;
  • Users and their attributes;
  • Service Principal Names (SPNs);
  • Groups and memberships;
  • Organizational Units (OUs);
  • GroupPolicy objects and gPLink details;
  • DNS Zones and Records;
  • Printers;
  • Computers and their attributes;
  • PasswordAttributes (Experimental);
  • LAPS passwords (if implemented);
  • BitLocker Recovery Keys (if implemented);
  • ACLs (DACLs and SACLs) for the Domain, OUs, Root Containers, GPO, Users, Computers and Groups objects;
  • GPOReport (requires RSAT);
  • Kerberos (not included in the default collection method); and
  • Domain accounts used for service accounts (requires privileged account and not included in the default collection method).
Previous article
Azure AD Cloud Sync
Next article
Active Directory (AD) HTML Report
Mark Rochester
Mark Rochesterhttps://thecloudgeezer.com
Mark currently works in the cloud space assisting large companies to migrate from either on premises to the cloud, or cloud to cloud. His experience with Enterprise migrations spans more than 25 years which basically makes him old. However, with all the oldness creeping up he still finds technology massively exciting. Please reach out for a chat anytime you would like. :-)

Related Articles

Migration Tools

Migrate Microsoft 365 Mailboxes to Google Workspace

This is not a very common subject to talk about as most of the migrations that get performed are people moving into the Microsoft...
Read more
Cloud

Microsoft 365 Discovery Report

If you are working with a Microsoft 365 tenant, whether it is for your own or for a client, it is often necessary to...
Read more
Cloud

Batches Paused in ‘Needs Approval’ Status

When you are using the native Microsoft tools to migrate from Google Workspace (Gmail) into Microsoft 365 the tool works very well. It does...
Read more

Stay Connected

88FansLike
36,999FollowersFollow
32,381SubscribersSubscribe
- Advertisement -

Latest Articles

Load more

The Cloud Geezer - A collection of articles, tutorials and fun items all based on the Cloud. Please email me with requests or comments. I do enjoy the feedback.

Contact me: [email protected]

© Copyright - The Cloud Geezer - 2023